Oussama911 discovered two XSS vulnerabilities in Simple Security WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of WP websites with the vulnerable plugin.

The discovered vulnerabilities can be used by attackers to steal administrator's cookies of a vulnerable website. This can lead to total website compromise.

Attackers can also perform drive-by-download attacks against website admin by injecting malware or exploit-packs into vulnerable scripts.

1.1 User-supplied input passed via the "datefilter" HTTP GET parameter to "/wp-admin/users.php" script is not properly sanitised before being returned to the administrator. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in his browser in the context of the vulnerable website.

1.2 User input passed via the "simple_security_ip_blacklist[]" HTTP POST parameter to "/wp-admin/users.php" script is not properly filtered before being returned to the administrator. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.